From 6d1c5aaa82a41c10e6232ad9d3b15bdfe7fd3463 Mon Sep 17 00:00:00 2001
From: Christian Dresel
Date: Thu, 24 Dec 2020 09:57:25 +0100
Subject: [PATCH] Add package fff-layer3-snat

With this package it is possible to make SNAT with IPv4 on the router The user must set a routerip setting in gateway.meta.routerip to get a single ip for peering interfaces. At ipaddr the user must set a ip that not use in babel (e.g. 192.168.0.1/16) for the clients With this package the ipaddr address is SNAT to the routerip and every router need only one freifunk ip and can use the same ipaddr on every router. It is a system like cgnat from big provider

Signed-off-by: Christian Dresel
---
 src/packages/fff/fff-layer3-snat/Makefile | 32 +++++++++++++++++
 .../files/etc/layer3.d/33-snat.conf | 36 +++++++++++++++++++
 .../files/usr/lib/firewall.d/30-snat | 3 ++
 src/packages/fff/fff-layer3/Makefile | 1 +
 4 files changed, 72 insertions(+)
 create mode 100644 src/packages/fff/fff-layer3-snat/Makefile
 create mode 100644 src/packages/fff/fff-layer3-snat/files/etc/layer3.d/33-snat.conf
 create mode 100644 src/packages/fff/fff-layer3-snat/files/usr/lib/firewall.d/30-snat

diff --git a/src/packages/fff/fff-layer3-snat/Makefile b/src/packages/fff/fff-layer3-snat/Makefile
new file mode 100644
index 00000000..da65b76c
--- /dev/null
+++ b/src/packages/fff/fff-layer3-snat/Makefile
@@ -0,0 +1,32 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-layer3-snat
+PKG_RELEASE:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-layer3-snat
+ SECTION:=base
+ CATEGORY:=Freifunk
+ TITLE:=Freifunk-Franken layer3 configuration with SNAT
+ URL:=https://www.freifunk-franken.de
+ DEPENDS:= \
+ +iptables-mod-nat-extra \
+ +fff-firewall \
+ +fff-layer3-config
+
+endef
+
+define Package/fff-layer3-snat/description
+ With this package it is possible to make SNAT with IPv4 on the router
+endef
+
+define Build/Compile
+ # nothing
+endef
+
+define Package/fff-layer3-snat/install
+ $(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-layer3-snat))
diff --git a/src/packages/fff/fff-layer3-snat/files/etc/layer3.d/33-snat.conf b/src/packages/fff/fff-layer3-snat/files/etc/layer3.d/33-snat.conf
new file mode 100644
index 00000000..66305f7c
--- /dev/null
+++ b/src/packages/fff/fff-layer3-snat/files/etc/layer3.d/33-snat.conf
@@ -0,0 +1,36 @@
+configure() {
+ # first we delete the snat config
+ uci -q del network.client.fff_snat
+ uci -q del network.client.fff_snat_routerip
+ if [ "$(uci -q get gateway.@client[0].snat)" = '1' ]; then
+
+ # first check the config is plausible
+ routerip=$(uci -q get gateway.meta.routerip)
+
+ if ! $routerip; then
+ echo "ERROR: No routerip set, which is required for SNAT!"
+ return 1
+ fi
+ if ! uci -q get gateway.@client[0].ipaddr; then
+ echo "ERROR: No ipaddr set, which is required for SNAT!"
+ return 1
+ fi
+
+ # keep only the first IP
+ routerip=${routerip%% *}
+ # keep only the IP without the CIDR
+ routerip=${routerip%%/*}
+
+ # We set the snat config
+ uci set network.client.fff_snat=1
+ uci set network.client.fff_snat_sourceip=$routerip
+ fi
+}
+
+apply() {
+ uci commit network
+}
+
+revert() {
+ uci revert network
+}
diff --git a/src/packages/fff/fff-layer3-snat/files/usr/lib/firewall.d/30-snat b/src/packages/fff/fff-layer3-snat/files/usr/lib/firewall.d/30-snat
new file mode 100644
index 00000000..d77844be
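Review bot: In `configure()` of `33-snat.conf`, `if ! $routerip; then` runs the configured value as a shell command instead of testing it, so an empty `routerip` passes the check while a populated one is executed as a command name (normally "not found", which the `!` turns into the error path); test the string instead with `if [ -z "$routerip" ]; then`. The cleanup at the top deletes `network.client.fff_snat_routerip`, but the option written later is `fff_snat_sourceip`, so a stale source address survives once SNAT is switched off; the delete should read `uci -q del network.client.fff_snat_sourceip`. The value is stored unquoted and unvalidated and later ends up on an iptables command line, so quote it (`uci set network.client.fff_snat_sourceip="$routerip"`) and consider rejecting anything that is not a plain IPv4 address. The `ipaddr` check also prints the address to stdout; redirecting it to `/dev/null` keeps the output to the error messages.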
--- /dev/null
+++ b/src/packages/fff/fff-layer3-snat/files/usr/lib/firewall.d/30-snat
@@ -0,0 +1,3 @@
+if [ "$(uci -q get network.client.fff_snat)" = '1' ]; then
+ iptables -t nat -A POSTROUTING -i br-client -j SNAT --to-source $(uci -q get network.client.fff_snat_sourceip)
+fi
diff --git a/src/packages/fff/fff-layer3/Makefile b/src/packages/fff/fff-layer3/Makefile
index ce3d2002..f0069b36 100644
--- a/src/packages/fff/fff-layer3/Makefile
+++ b/src/packages/fff/fff-layer3/Makefile
@@ -15,6 +15,7 @@ define Package/fff-layer3
 +fff-boardname \
 +fff-dhcp \
 +fff-layer3-config \
+ +fff-layer3-snat \
 +fff-network \
 +fff-ra \
 +fff-wireguard \
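Review bot: The rule in `30-snat` uses `-i br-client` in the nat `POSTROUTING` chain, where iptables does not accept an input-interface match, so the rule is likely rejected when the firewall script runs and no translation is installed. Select the client traffic by source network (`-s`) or by egress interface (`-o`) instead. The `--to-source` argument is an unquoted command substitution, so an empty or stale `fff_snat_sourceip` produces a malformed or unintended rule. Read it first with `src=$(uci -q get network.client.fff_snat_sourceip)`, add the rule only when `[ -n "$src" ]` holds, and pass it as `--to-source "$src"`.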